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Business Email Compromise (BEC) attacks have increased rapidly in recent years, with the ‘ WHAT IS BEC? 

cost to businesses now over $12 billion in 2018'. The average loss per incident is $160,000, : According to the FBI, BEC is defined as a 

according to the FBI. : sophisticated scam targeting businesses 
; ; : working with foreign suppliers and/or 

BEC attacks usually don't contain attachments or URLs, and the content closely mirrors : businesses that regularly perform wire 

the look of a legitimate email, which is why traditional email security solutions struggle : transfer payments. 

with these attacks. Email authentication standards (SPF, DKIM, DMARC) can prevent : The most common type of BEC attack is 

domain/sender spoofing, but don't prevent other email forging techniques, like using a : “CEO Fraud". These attackers will pose as 

look-alike email domain name or using a compromised account to attack internally. That ; an executive of the company and send 

is why additional BEC prevention technologies are required in order to fully protect email an email to employees~-usually to those 


in finance-requesting a money transfer 
: to the accounts they control. The emails 
Trend Micro email security solutions offer multi-layered protection to prevent BEC : are usually designed to be “urgent” in 
attacks. From employee awareness training and domain spoofing protection, to artificial ; order to throw their targets off-guard. 
intelligence (Al) based BEC protection, our modern security approach can help you 1 nespal rake at aCMeved Uyi Oe 
. f Mi 4 the sender address through the creation 
combat this fast growing and potentially damaging threat. : of a domain that looks similar to that 


of the target company, or by creating 
a free webmail address that would 


BEC DETECTION ANALYZING EMAIL HEADER, CONTENT, : , 
f ' : closely resemble an email address the 
AND AUTHORSHIP : impersonated executive would use. 


BEC scams have been reported in over 
150 countries and have a marked increase 


Behavior + Intention analysis Authorship analysis pride parcertin identified espose osses; 


mi sai : between December 2016 and May 2018! 


users. 

















Routing behavior 


Cousin domain Source: FBI July, 2018 


High-profile user similarity 


Financial impact i 


Urgency nar- 


WRITING STYLE DNA : Email Behavior Analysis 
; Examines the email header for indications 
: of an attack, such as: an insecure email 
VJX ' ' ; provider, a sender domain similar to the 
: arget organization, the sender is using 
EXPERT MACHINE MACHINE : he name of an executive at the recipient's 


RULES LEARNING LEARNING sere $ ; 
organization but the email address is from 
a free email domain, and many other 


Behavior 


EMAIL BEHAVIOR, INTENTION, AND 
AUTHORSHIP EXPLAINED 
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actors. 
Trend Micro uses Al that combines the knowledge of a security expert, with a self- Email Intention Analysis 
learning mathematical model to identify fake emails. We can mimic the decision-making T l 
i H The content of the email is examined for 
process of the security researcher, using a form of Al called an expert system. The : a sense of urgency, a request for action, 
rules of the researcher would examine both the email's behavior and intention. : or a financial implication. None of these 


actors are suspicious on their own, but 


We then use a second form of Al called machine learning, which takes the results of the hey paint a more complete picture when 





expert system and uses a computer-generated algorithm to determine if the email is combined with the other behavioral 
real, fake, or suspicious. The machine learning algorithm is based on millions of real and : actors. 
fake emails and is constantly learning and improving. It weighs the results of the expert : Email Authorship Analysis 


rules and more accurately detects the fraudulent email as fake. ices Altodetermineittheenailis 


impersonating a high-profile user by 
examining the writing style. 
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In addition, we examine the authorship of the email to determine the true author. Our 
Writing Style DNA technology first trains a machine learning model on the executive's 
writing style based on previously sent email. To protect privacy, only the metadata for the 
writing style is captured, rather than the actual text of the email. When an external email 
arrives with the same name as the executive, we compare the writing style to the trained 
model, and if they do not match we warn the recipient of a possible impersonation. 


By combining multiple layers of Al to examine email behavior, intention, and authorship, 
Trend Micro's email security solution can effectively prevent damaging BEC attacks. 





BEC protection is included in most Trend Micro email security products. Writing Style DNA 
is available in Cloud App Security™ and ScanMail™ for Microsoft® Exchange™. 


DOMAIN SPOOFING PROTECTION (DMARC, SPF, DKIM) 


A popular way to conduct a forged email attack is by faking the “Mail From" address. This 
will give the illusion that the email is coming from an internal sender (Same domain as 
the recipient) or a well-known service provider or internet domain. Simple Mail Transfer 
Protocol (SMTP) authentication or email validation techniques such as Sender Policy 
Framework (SPF), Domainkeys Identified Mail (DKIM), and Domain-based Message 
Authentication, Reporting and Conformance (DMARC) were developed over the years to 
detect and prevent email spoofing. 


Domain spoofing protection is included in Hosted Email Security™, InterScan™ Messaging 
Security Virtual Appliance, and Deep Discovery™ Email Inspector. 


EMPLOYEES TRAINING 


Your users are an important defense against email threats. BEC scams can be better 
deflected if employee training is in place, as it is reliant on social engineering. Trend 
icro™ Phish Insight™ is a free phishing simulation and awareness service. You can use 
it to send realistic-looking phishing emails to your users, monitor the results, and offer 
raining to those who need it most. 


We are committed to making our connected world a safer place, and are offering this 
ool for free to ensure your organization is equipped to handle cyber threats. Learn 
ore about Phish Insight. 








As BEC attacks evolve, businesses need to keep up with the threats. Partner with Trend 
icro, and get email security solutions to prevent the attacks. 
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DOMAIN SPOOFING PROTECTION 
EXPLAINED 


e Sender Policy Framework (SPF) 
enables an organization to specify 
what IP addresses are allowed to send 
emails to the internet on their behalf. 
This prevents their domain from being 
used in forged and spoofed emails. 


* DomainKkeys Identified Mail (DKIM) 
stamps an outgoing email with a digital 
signature that the receiving mail server 
can use to verify if the email actually 
came from the specified source email 
address. This also prevents forged 
email addresses in the “Mail From." 


e° Domain-based Message 
Authentication, Reporting, and 
Conformance (DMARC) is an email 
validation system designed to 
detect and prevent email spoofing. 
It leverages SPF and/or DKIM to 
authenticate email messages for 
specific domains, sends feedback to 
senders, and conforms to a published 
policy. 


* Domain spoofing protection is only 
designed to protect against direct 
domain spoofing (e.g. company.com, 
but not otherdomain.com or company. 
net). While impersonating a given 
domain is acommon method used for 
phishing and other malicious activities, 
there are other attack vectors that 
DMARC does not address. 





TREND MICRO EMAIL SECURITY 
SOLUTIONS 





Trend Micro uses XGen™ security, 

the most advanced blend of cross- 
generational threat defense techniques, 
with proven methods to find more 
phishing emails and malware. 

Learn More 





